This Is Why Your Account Got Hacked

December 6, 2013 — 7 Comments

A couple of years ago, Julia got an email from a friend asking why she had emailed out a link to apparent spam. By the time a few more email replies from friends trickled in, Julia had figured out she was the victim of an email hack. After the initial wave of panic, she quickly changed her password on the account which, thankfully, she still had access to.

As it turns out, the hacker’s IP address came from Beijing, China. They had only used Julia’s account to send spam and did not appear to access any of her emails. Had they read her email, they would have had access to years worth of personal information, including credit card numbers, photos of our kids, private conversations–you name it. It was scary stuff and a reality check for us.

Photo Credit: mafate69 via Compfight cc


Since that hack on Julia’s account, I’ve seen posts on Facebook from friends who have had similar experiences. Many of them marvel at why they were selected for an attack and how on earth the criminals guessed their password.

If this has happened to you, don’t beat yourself up, but you should know it is often the result of people being lax with their online security. You know not to leave your house key under the door mat because it’s the first place a criminal will look. Online security is the same way. It’s likely that criminals know the game better than you, and if you make it easy for them to exploit you, they will.

With that said, let me share three simple points to help you shore up your online security, lest you be the victim of a hack that exposes some of your most personal data to hackers with nefarious intent.

What Should You Do If You Are Hacked?

If you realize you’ve been hacked, step one is to log in to your account immediately and change your password. This will lock out anyone who had access using the hacked password.

Once you do that, it’s a debatable question of etiquette as to whether you email everyone again to let them know and/or apologize for the hack. My thought is to not bother with the second email. It should be obvious to most people that you were hacked and did not intend to send a link to such an incredible weight loss product/cheap v1agra/R0lex watch. People should know to avoid clicking on spammy links by now.

How Did The Hack Happen?

I don’t know what the actual percentage is, but according to my own sarcastic opinion, 99.99% of the time these accounts get hacked, it is due to one simple reason.

You are using the same username and password combination elsewhere on the web–quite possibly everywhere on the web.

This is how hackers were able to access Julia’s email account.

Look, I know you feel like you’ll never remember which whacky password went to which website, but you just have to stop using the same one for everything. It’s the digital version of the key under the door mat. Criminals are out there hoping you will do this. In fact, they depend on it.

Photo Credit: Christophe Verdier via Compfight cc


Here’s how these hacks happen. Much like houses, some websites are more secure than others. Email providers like Gmail, for example, are locked up like Fort Knox. Other sites like that photo printing website where you made your Christmas cards or that free music service you listen to are less secure. Hackers can exploit weaknesses on these smaller sites to get them to cough up username and password combinations. And it’s not really all that hard for them to do, either.

Once they have those stolen username and password combos, they can try them on a myriad of larger, more secure sites like Gmail, Yahoo, Facebook, Amazon, etc. If you’ve used the same username/password combo all over the Internet, you’ve made it highly likely that these hackers will be successful at accessing your secure accounts with the same username/password combos stolen from less secure sites.

How Can You Keep Your Accounts Secure?

If you use these four tips when creating a password, you will go a long way to keeping yourself safe online.

Have a unique password for every online account.

This single step will prevent the vast majority of hacks, but this alone is not enough. Your password also has to be robust, even complicated. I know it’s hard to remember random passwords, and that leads us to the next tip.

Use a phrase you can remember.

Think of a phrase like “the hills are alive with the sound of music,” abbreviate it, then use that as a starting point for your new password. Now you have “thaawtsom.” Make the phrase you use relevant to the website you are on so that it’s easier to remember. So this phrase about music might be the password phrase for Pandora or iTunes, for example.

Make passwords complicated.

Passwords should never be shorter than 8 characters, and longer passwords are even better. The more complicated they are, the more difficult they’ll be to crack.

Now, let’s take the phrase we used earlier and mix in a few upper and lowercase letters, like this: tHaawtSoM. Now substitute a few letters with numbers: tH44wtS0M. Then add in at least one special character, like this: ¡tH44wtS0M!, and now you have a password that is less random but very secure.

Photo Credit: Danny Nicholson via Compfight cc


If all else fails, iCloud keychain is a new feature for Mac users in Mavericks and iOS7 that will suggest very complicated, random passwords for sites you visit. You only have to remember your iCloud password and Safari will remember the rest. It’s pretty handy and works well for me. LastPass and 1Password are similar paid alternatives that have been around even longer.

Never use obvious passwords.

If you are using passwords like “password” or “123456” you are asking for trouble. You may be interested to see if your password is on the list of the 25 worst.
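As an added example that is not part of the original post, here is a small Python audit that applies the four tips above to a set of site passwords: it derives the phrase abbreviation, checks length and character mixing, looks the password up in a worst-passwords list, and flags any password reused across sites. The site names, passwords and the short worst-passwords list are all constructed for illustration.

```python
"""Audit a set of per-site passwords against the four tips in the post."""
from __future__ import annotations

from collections import Counter

# Constructed stand-in for the "25 worst passwords" list mentioned in the post.
WORST_PASSWORDS = {"password", "123456", "12345678", "qwerty", "abc123", "letmein"}


def abbreviate_phrase(phrase: str) -> str:
    """First letter of each word: the post's starting point ('thaawtsom')."""
    return "".join(word[0] for word in phrase.lower().split() if word)


def password_issues(password: str) -> list[str]:
    """Return the tips a single password breaks (empty list means it passes)."""
    issues: list[str] = []
    if password.lower() in WORST_PASSWORDS:
        issues.append("obvious")
    if len(password) < 8:
        issues.append("too short")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() for c in password)  # '¡' and '!' count
    if not (has_lower and has_upper and has_digit and has_special):
        issues.append("not complicated")
    return issues


def audit_vault(vault: dict[str, str]) -> dict[str, list[str]]:
    """Map each site to the tips its password breaks, adding 'reused' for
    any password that appears on more than one site (the post's main point)."""
    counts = Counter(vault.values())
    report: dict[str, list[str]] = {}
    for site, password in vault.items():
        issues = password_issues(password)
        if counts[password] > 1:
            issues.append("reused")
        report[site] = issues
    return report


# Constructed sample vault (not real accounts or passwords).
SAMPLE_VAULT = {
    "gmail": "thaawtsom",          # bare abbreviation, shared with another site
    "photo-prints": "thaawtsom",
    "music": "¡tH44wtS0M!",        # the post's finished password
    "forum": "123456",
}

if __name__ == "__main__":
    for site, issues in audit_vault(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(issues) or 'ok'}")
```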

Don’t Gamble with Your Digital Security

You know not to leave the house without locking your doors, but many people take their digital security far less seriously. Ironically, a hack can do much more damage than a house break-in. So do what you can to stay safe out there. Change your passwords today if you know they are not secure! The web is only going to be as safe as you make it.

Hayden Wreyford


Hayden is a storyteller, musician, designer, Apple fanboy, and genuine people-person. Never one to sit still for long, he mixes serious creativity with a logical side and a desire to leave things better than how he found them. He's been known to keep the room laughing with an impression or quick one-liner, and is proud to hail from suburban Atlanta with his beautiful wife and two young boys. You can follow him on Twitter and Google+

7 responses to This Is Why Your Account Got Hacked

  1. Great post, Hayden. We need more people to use good, random passwords that are unique to each website. For a slightly more techy post on this, see the one I published two weeks ago at I will update it to link back here as an additional point of view on this topic.

    • Thanks, Frank! I just read your post and feel quite validated to see you recommend 1Password and LastPass. Those who know the risks best protect themselves, so it says something that you choose ridiculously long passwords and change them every 90 days. Most of us just walk around blissfully ignorant until we become the victim. So hopefully we are helping to spread the word!

  2. Cherie Heringer December 6, 2013 at 8:44 pm

    Thanks, Hayden. This was a well done post. I’m going to work on your suggestions over the upcoming break. I know to keep things secure online, but I needed a refresher reminder.

  3. Another aspect I find useful is to use tiers of passwords based on the risk and damage. There are the passwords signing up for viewing your utility bill, possibly a blog, or the car parts store that saves your car details. If it doesn’t have financial or personal details, you can use your lower level passwords. Then you bump up to stores that have stored credit card information and then finally your bank, tax, and records with lots of personal details. This is where you want the passwords to be lengthy and very unique. Very soon all of this will be moot of course as we move to biometrics, voice, and facial recognition. But, as soon as we think we have a foolproof plan…guaranteed, someone will crack it.

  4. Dustin Daniels March 3, 2014 at 1:41 am

    Great tips, Hayden. I’ve been using 1Password for years. Now if we can only get the websites to require strict standards. I was appalled when I recently renewed my car reg on the Nevada DMV. It required an 8-character password, no more, no less, and it was NOT case sensitive.

    Besides the 25 worst passwords, how about an article shaming these websites with the worst password implementation?
